destructive_command_guard 0.4.5

A Claude Code hook that blocks destructive commands before they execute
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207

//! Helm patterns - protections against destructive helm commands.
//!
//! This includes patterns for:
//! - uninstall releases
//! - rollback without dry-run
//! - delete commands

use crate::packs::{DestructivePattern, Pack, SafePattern};
use crate::{destructive_pattern, safe_pattern};

/// Create the Helm pack.
#[must_use]
pub fn create_pack() -> Pack {
    Pack {
        id: "kubernetes.helm".to_string(),
        name: "Helm",
        description: "Protects against destructive Helm operations like uninstall \
                      and rollback without dry-run",
        keywords: &["helm", "uninstall", "delete", "rollback"],
        safe_patterns: create_safe_patterns(),
        destructive_patterns: create_destructive_patterns(),
        keyword_matcher: None,
        safe_regex_set: None,
        safe_regex_set_is_complete: false,
    }
}

fn create_safe_patterns() -> Vec<SafePattern> {
    // `(?=\s|$)` on each read-only subcommand stops a release name that
    // contains the subcommand keyword as a substring from making a
    // destructive command short-circuit as safe. Without this anchor,
    // `helm uninstall get-operator` would match the `helm-get` safe rule
    // via `get` in `get-operator` and bypass the uninstall check.
    vec![
        // list/status/history are safe (read-only)
        safe_pattern!(
            "helm-list",
            r"helm\b(?:\s+--?\S+(?:\s+\S+)?)*\s+list(?=\s|$)"
        ),
        safe_pattern!(
            "helm-status",
            r"helm\b(?:\s+--?\S+(?:\s+\S+)?)*\s+status(?=\s|$)"
        ),
        safe_pattern!(
            "helm-history",
            r"helm\b(?:\s+--?\S+(?:\s+\S+)?)*\s+history(?=\s|$)"
        ),
        // show/inspect are safe (read-only)
        safe_pattern!(
            "helm-show",
            r"helm\b(?:\s+--?\S+(?:\s+\S+)?)*\s+show(?=\s|$)"
        ),
        safe_pattern!(
            "helm-inspect",
            r"helm\b(?:\s+--?\S+(?:\s+\S+)?)*\s+inspect(?=\s|$)"
        ),
        // get is safe (read-only)
        safe_pattern!("helm-get", r"helm\b(?:\s+--?\S+(?:\s+\S+)?)*\s+get(?=\s|$)"),
        // search is safe
        safe_pattern!(
            "helm-search",
            r"helm\b(?:\s+--?\S+(?:\s+\S+)?)*\s+search(?=\s|$)"
        ),
        // repo operations are generally safe
        safe_pattern!(
            "helm-repo",
            r"helm\b(?:\s+--?\S+(?:\s+\S+)?)*\s+repo(?=\s|$)"
        ),
        // dry-run flags
        safe_pattern!("helm-dry-run", r"helm\b.*--dry-run"),
        // template only generates manifests
        safe_pattern!(
            "helm-template",
            r"helm\b(?:\s+--?\S+(?:\s+\S+)?)*\s+template(?=\s|$)"
        ),
        // lint is safe (validation)
        safe_pattern!(
            "helm-lint",
            r"helm\b(?:\s+--?\S+(?:\s+\S+)?)*\s+lint(?=\s|$)"
        ),
        // diff plugin is safe
        safe_pattern!(
            "helm-diff",
            r"helm\b(?:\s+--?\S+(?:\s+\S+)?)*\s+diff(?=\s|$)"
        ),
    ]
}

fn create_destructive_patterns() -> Vec<DestructivePattern> {
    vec![
        // uninstall / delete
        destructive_pattern!(
            "uninstall",
            r"helm\b.*?\b(?:uninstall|delete)\b(?!.*--dry-run)",
            "helm uninstall removes the release and all its resources. Use --dry-run first.",
            Critical,
            "helm uninstall deletes the release and ALL Kubernetes resources created by it:\n\n\
             - Deployments, services, and pods are terminated\n\
             - ConfigMaps and secrets are deleted\n\
             - Persistent volume claims may be deleted (depends on chart)\n\
             - Release history is purged (no rollback possible)\n\n\
             Safer alternatives:\n\
             - helm uninstall <release> --dry-run: Preview what will be deleted\n\
             - helm status <release>: Review current release state\n\
             - helm get all <release>: See all resources managed by release\n\
             - helm get manifest <release>: Get the actual Kubernetes manifests"
        ),
        // rollback without dry-run
        destructive_pattern!(
            "rollback",
            r"helm\b.*?\brollback\b(?!.*--dry-run)",
            "helm rollback reverts to a previous release. Use --dry-run to preview changes.",
            High,
            "helm rollback reverts the release to a previous revision. This can cause unexpected \
             behavior if the previous version differs significantly:\n\n\
             - Pod configurations are reverted (may break dependencies)\n\
             - ConfigMaps and secrets are rolled back\n\
             - Database migrations are NOT automatically undone\n\
             - Downtime may occur during the transition\n\n\
             Safer alternatives:\n\
             - helm rollback <release> <revision> --dry-run: Preview changes\n\
             - helm history <release>: Review available revisions\n\
             - helm diff rollback <release> <revision>: Compare changes (requires diff plugin)"
        ),
        // upgrade --force
        destructive_pattern!(
            "upgrade-force",
            r"helm\b.*?\bupgrade\s+.*--force",
            "helm upgrade --force deletes and recreates resources, causing downtime.",
            High,
            "The --force flag causes Helm to delete and recreate resources instead of updating \
             them in place. This can cause service disruption:\n\n\
             - Pods are terminated and recreated (downtime between)\n\
             - Persistent volume claims may be deleted and recreated\n\
             - In-flight requests are dropped during recreation\n\
             - Service IP addresses may change\n\n\
             Safer alternatives:\n\
             - Remove --force to use rolling updates\n\
             - helm upgrade --dry-run --debug: Preview changes\n\
             - helm diff upgrade: Compare before upgrading (requires diff plugin)"
        ),
        // upgrade --reset-values
        destructive_pattern!(
            "upgrade-reset-values",
            r"helm\b.*?\bupgrade\s+.*--reset-values",
            "helm upgrade --reset-values discards all previously set values.",
            High,
            "The --reset-values flag discards all values from previous releases, using only \
             chart defaults and explicitly provided values. This can unexpectedly change:\n\n\
             - Resource limits and replica counts\n\
             - Database connection strings and credentials\n\
             - Feature flags and environment variables\n\
             - Any customization from previous 'helm upgrade' commands\n\n\
             Safer alternatives:\n\
             - helm get values <release>: Review current values first\n\
             - helm upgrade --reuse-values: Keep existing values (default)\n\
             - helm upgrade -f values.yaml: Explicitly set all needed values"
        ),
    ]
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::packs::test_helpers::*;

    #[test]
    fn helm_patterns_match_with_global_flags() {
        // Helm global flags (`--kube-context`, `--kubeconfig`,
        // `--namespace`/`-n`, `--debug`, `--registry-config`, …)
        // between `helm` and the subcommand broke every `helm\s+<sub>`
        // pattern until the `helm\b.*?\b<sub>` sweep.
        let pack = create_pack();
        assert_blocks(
            &pack,
            "helm --kube-context prod uninstall critical-release",
            "uninstall",
        );
        assert_blocks(
            &pack,
            "helm --kubeconfig /tmp/prod.yaml delete prod-svc",
            "uninstall",
        );
        assert_blocks(
            &pack,
            "helm -n prod rollback critical-release 2",
            "rollback",
        );
        assert_blocks(
            &pack,
            "helm --kube-context prod upgrade prod-svc ./chart --force",
            "force",
        );
    }

    #[test]
    fn helm_safe_patterns_do_not_bypass_via_flag_value() {
        // Flag-value bypass class: `--get-values`, `--list-all` etc.
        // must not match safe patterns.  `\s+<sub>\b` form enforces
        // that the subcommand is preceded by whitespace (not `-`).
        let pack = create_pack();
        assert_allows(&pack, "helm list");
        assert_allows(&pack, "helm --kube-context prod list");
        assert_allows(&pack, "helm get values prod-release");
        assert_allows(&pack, "helm status prod-release");
    }
}